Re: IPsec rules per User
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Jun 2006 13:06:29 -0500
Cool. That is a clever way to assign an IPsec policy based on the logged-on user,
and if it works the way you expect, that is great, and thanks for sharing
that. However, to be accurate, it is not a way to assign IPsec rules per
user. Rules simply contain a filter with definitions for
ports/protocol/IPs and a filter action. --- Steve
<boomboom999@xxxxxxxxx> wrote in message
news:1151601865.648717.299700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Steven Umbach wrote:
That is not possible in Windows 2000/2003/XP. IPsec policies are only machine
aware [computer configuration] and only authenticate to the other computer. ---
Steve
<boomboom999@xxxxxxxxx> wrote in message
news:1151594376.896576.26200@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Is it possible to create a GPO that assigns IPsec rules per user and not
per computer?
Thank you
We have found a way to do that with a bit of scripting.
The main idea is the following.
1. Create user groups like IPSecPolicy1, IPSecPolicy2 etc.
2. Create one GPO that covers all computers that need IPSec
3. Run a startup script within this GPO which:
   - creates a Scheduled Task
   - configures this task to run as Local System
   - configures this task to run at logon only (for any user)
   - configures this task to execute the following script:
       if the current User belongs to IPSecPolicy1
           run Ipsecpol.exe <Policy1>
       if the current User belongs to IPSecPolicy2
           run Ipsecpol.exe <Policy2>
       etc.
4. Assign users to appropriate groups.
Done.
:)
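
The logon-time script from step 3, written out in PowerShell as an added example (not code from either poster). It uses netsh ipsec static in place of Ipsecpol.exe; the policy names, the default policy and the Active Directory lookup are assumptions.

```powershell
# Added example. Runs as Local System from the logon-triggered task (step 3).
# Assumed: policy names, the default policy, and that these IPsec policies
# already exist in the local store. netsh is swapped in for Ipsecpol.exe.

# Ordered so a user who is in several groups gets a deterministic result.
$PolicyByGroup = [ordered]@{
    'IPSecPolicy1' = 'Policy1'    # group names from the post, policy names are placeholders
    'IPSecPolicy2' = 'Policy2'
}
$DefaultPolicy = 'PolicyDefault'  # hypothetical fallback when no group matches

function Get-ConsoleUser {
    # Under Local System, $env:USERNAME is not the person logging on.
    # Win32_ComputerSystem.UserName is the console user as DOMAIN\name, or
    # empty when nobody is logged on at the console.
    (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
}

function Get-UserGroupNames([string]$Account) {
    # Direct memberships only: nested groups and the primary group are not in memberOf.
    $sam = $Account.Split('\')[-1]
    $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$sam))"
    [void]$searcher.PropertiesToLoad.Add('memberOf')
    $hit = $searcher.FindOne()
    if (-not $hit) { return @() }
    # Each value is a DN such as CN=IPSecPolicy1,OU=Groups,DC=...; keep the CN.
    @($hit.Properties['memberof'] | ForEach-Object { ($_ -split ',')[0] -replace '^CN=', '' })
}

function Select-IPsecPolicy([string[]]$Groups) {
    foreach ($group in $PolicyByGroup.Keys) {
        if ($Groups -contains $group) { return $PolicyByGroup[$group] }
    }
    $DefaultPolicy
}

$user   = Get-ConsoleUser
$groups = if ($user) { Get-UserGroupNames $user } else { @() }
$policy = Select-IPsecPolicy $groups

# Assigning one policy replaces whichever one was assigned before; the
# setting applies to the whole machine, not only to this user's session.
& netsh.exe ipsec static set policy "name=$policy" assign=y
exit $LASTEXITCODE
```

Because the task executes this file as Local System, the script and its folder should be writable by administrators only.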